CVE-2023-25801 TensorFlow has double free in Fractional(Max/Avg)Pool

TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supporte...

CVE-2023-27579 TensorFlow has Floating Point Exception in TFLite in conv kernel

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1...

Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs

Impact Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.2.1 may be vulnerable to a remote file existence check exploit if they are not limiting who can query their server for...

GHSA-WP72-7HJ9-5265 Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs

Impact Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.2.1 may be vulnerable to a remote file existence check exploit if they are not limiting who can query their server for...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +80 more potentially affected by CVE-2023-25676 via tensorflow-gpu (>=1.10.1 <=2.0.4)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.2, =0.6.7, =0.1.2, =0.1.0, =0.1.2 - dragonn =0.4.2 and more Source cves: CVE-2023-25676 Source advisory: OSV:GHSA-6WFH-89Q8-44JQ...

MinIO Information Disclosure Vulnerability

MinIO is an open source object storage server from MinIO, Inc. The product supports building infrastructure for machine learning, analytics, and application data workloads.MinIO is vulnerable to an information disclosure vulnerability that stems from the fact that in a cluster deployment MinIO...

GHSA-HH52-G5C4-WPRH Moodle may allow authenticated users to enumerate other user's names via learning plans page

Authenticated users were able to enumerate other users' names via the learning plans page...

Moodle may allow authenticated users to enumerate other user's names via learning plans page

Authenticated users were able to enumerate other users' names via the learning plans page...

CVE-2023-28334

Authenticated users were able to enumerate other users' names via the learning plans page...

CVE-2023-28334

Authenticated users were able to enumerate other users' names via the learning plans page...

CVE-2023-28334

Authenticated users were able to enumerate other users' names via the learning plans page...

Code injection

Authenticated users were able to enumerate other users' names via the learning plans page...

UBUNTU-CVE-2023-28334

Authenticated users were able to enumerate other users' names via the learning plans page...

CVE-2023-28334 Moodle: users' name enumeration possible via idor on learning plans page

Authenticated users were able to enumerate other users' names via the learning plans page...

CVE-2023-28334 Moodle: users' name enumeration possible via idor on learning plans page

Authenticated users were able to enumerate other users' names via the learning plans page...

CVE-2023-28334

CVE-2023-28334 affects Moodle via an authenticated user IDOR on the learning plans page, enabling enumeration of other users’ names. OpenVAS lists Moodle core version ranges (e.g., 4.0.x before 4.0.7 and 4.1.x before 4.1.2) as vulnerable to an IDOR vulnerability; Veracode notes full information d...

Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1...

Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1...

Moodle 安全漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle. An attacker exploited the vulnerability to enumerate the names of other users via the...

CBL Mariner 2.0 Security Update: tensorflow (CVE-2022-41898)

The version of tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-41898 advisory. - TensorFlow is an open source platform for machine learning. If SparseFillEmptyRowsGrad is given empty...